[Freeipa-devel] [PATCH] ipa-client-install with --no-sssd option should check for nss_ldap
Alexander Bokovoy
abokovoy at redhat.com
Fri Nov 11 17:31:51 UTC 2011
On Fri, 11 Nov 2011, Ondrej Hamada wrote:
> >>I think we should check for nslcd.conf as well and report that
> >>neither nss-ldap nor nss-pam-ldapd are installed.
> >We have already code in configure_ldap_config() and
> >configure_nslcd_conf that checks all these different files and after
> >configuration reports what was configured.
> >
> >I would rather did a commonalization of detection instead of
> >duplicating the code. We can re-use result of detecting what exists
> >later in configure_{ldap,nslcd}_config().
> >
> I'll do it, but I have question:
> configure_ldap_config() also checks whether file 'pam_ldap.conf'
> exists. Is installed pam_ldap package without nss_ldap enough to
> allow ipa-client installation with --no-sssd option?
If you have kerberos setup, then authentication could be done via
kerberos and NSS module would give you users and groups with nss_ldap.
So pam_ldap + nss_ldap is one of possible configurations, but pam_krb5
+ nss_ldap is also possible to use, without pam_ldap.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list